Bug 8398 - communication between two tenant network failed while
[netvirt.git] / vpnservice / aclservice / impl / src / main / java / org / opendaylight / netvirt / aclservice / AbstractIngressAclServiceImpl.java
index 25a6e979038d63da7aa3aaa61e25bccbcc45572f..1f8c2f01c1848364b25e5cad128c2ca77b20625a 100644 (file)
@@ -87,15 +87,19 @@ public abstract class AbstractIngressAclServiceImpl extends AbstractAclServiceIm
      * @param interfaceName the interface name
      */
     @Override
-    protected void bindService(String interfaceName) {
-        int flowPriority = AclConstants.INGRESS_ACL_DEFAULT_FLOW_PRIORITY;
-
+    public void bindService(String interfaceName, Long vpnId) {
         int instructionKey = 0;
         List<Instruction> instructions = new ArrayList<>();
-        Long elanTag = AclServiceUtils.getElanIdFromInterface(interfaceName, dataBroker);
-        instructions.add(MDSALUtil.buildAndGetWriteMetadaInstruction(MetaDataUtil.getElanTagMetadata(elanTag),
-                MetaDataUtil.METADATA_MASK_SERVICE, ++instructionKey));
+        if (vpnId != null) {
+            instructions.add(MDSALUtil.buildAndGetWriteMetadaInstruction(MetaDataUtil.getVpnIdMetadata(vpnId),
+                    MetaDataUtil.METADATA_MASK_VRFID, ++instructionKey));
+        } else {
+            Long elanTag = AclServiceUtils.getElanIdFromInterface(interfaceName, dataBroker);
+            instructions.add(MDSALUtil.buildAndGetWriteMetadaInstruction(MetaDataUtil.getElanTagMetadata(elanTag),
+                    MetaDataUtil.METADATA_MASK_SERVICE, ++instructionKey));
+        }
         instructions.add(MDSALUtil.buildAndGetGotoTableInstruction(NwConstants.EGRESS_ACL_TABLE, ++instructionKey));
+        int flowPriority = AclConstants.INGRESS_ACL_DEFAULT_FLOW_PRIORITY;
         BoundServices serviceInfo = AclServiceUtils.getBoundServices(
                 String.format("%s.%s.%s", "acl", "ingressacl", interfaceName),
                 ServiceIndex.getIndex(NwConstants.EGRESS_ACL_SERVICE_NAME, NwConstants.EGRESS_ACL_SERVICE_INDEX),
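Review bot: The Javadoc above `bindService` still documents only `interfaceName`, while the new `vpnId` argument decides which metadata the bound service writes (VRF id under `METADATA_MASK_VRFID`, or the ELAN tag under `METADATA_MASK_SERVICE`). I would add `@param vpnId the VPN id to write as metadata, or null to fall back to the interface's ELAN tag`. In the fallback branch, `elanTag` is passed to `MetaDataUtil.getElanTagMetadata` unchecked; if `getElanIdFromInterface` can return null (its contract is not visible here), that case should be handled explicitly and logged. The method was also widened from `protected` to `public`, which is worth confirming as intended. The body continues past the end of this hunk.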
@@ -163,8 +167,16 @@ public abstract class AbstractIngressAclServiceImpl extends AbstractAclServiceIm
             ingressAclDhcpv6AllowServerTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove,
                     AclConstants.PROTO_PREFIX_MATCH_PRIORITY);
             ingressAclIcmpv6AllowedTraffic(dpid, lportTag, addOrRemove);
+
+            programArpRule(dpid, lportTag, addOrRemove);
         }
-        programArpRule(dpid, lportTag, addOrRemove);
+    }
+
+    @Override
+    protected void updateArpForAllowedAddressPairs(BigInteger dpId, int lportTag, List<AllowedAddressPairs> deletedAAP,
+            List<AllowedAddressPairs> addedAAP) {
+        // Nothing to do for port update as ingress ARP flow is based only on lportTag
+
     }
 
     @Override
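Review bot: `programArpRule(dpid, lportTag, addOrRemove)` now runs only inside a conditional whose guard lies above this hunk, so whether the ARP flow is still removed on every path that previously removed it cannot be checked from here. If the guard excludes port updates, which the new empty `updateArpForAllowedAddressPairs` suggests, a short comment at the call would record that, for example `// ARP flow is keyed on lportTag only, so it is not reprogrammed on update`. It is worth confirming that the guard covers both the add and the delete case, so that no ARP allow flow is left behind after a port is removed. The blank line inside the empty override can be dropped.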
@@ -220,20 +232,23 @@ public abstract class AbstractIngressAclServiceImpl extends AbstractAclServiceIm
 
     @Override
     protected void writeCurrentAclForRemoteAcls(Uuid acl, int addOrRemove, Long elanTag, AllowedAddressPairs ip,
-            BigInteger aclId) {
+            BigInteger aclId, Long vpnId) {
         List<MatchInfoBase> flowMatches = new ArrayList<>();
-        flowMatches.addAll(AclServiceUtils.buildIpAndElanDstMatch(elanTag, ip, dataBroker));
+        flowMatches.addAll(AclServiceUtils.buildIpAndSrcServiceMatch(elanTag, ip, dataBroker, vpnId));
 
         List<InstructionInfo> instructions = new ArrayList<>();
 
         InstructionWriteMetadata writeMetatdata =
-                new InstructionWriteMetadata(aclId, MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID);
+                new InstructionWriteMetadata(AclServiceUtils.getAclIdMetadata(aclId),
+                        MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID);
         instructions.add(writeMetatdata);
         instructions.add(new InstructionGotoTable(getIngressAclFilterTable()));
 
-        String flowNameAdded = "Acl_Filter_Ingress_" + new String(ip.getIpAddress().getValue()) + "_" + elanTag;
+        Long serviceTag = vpnId != null ? vpnId : elanTag;
+        String flowNameAdded = "Acl_Filter_Ingress_" + new String(ip.getIpAddress().getValue()) + "_" + serviceTag;
+        LOG.warn((addOrRemove == 0 ? "ADD" : "REMOVE") + flowNameAdded);
 
-        Map<String, Set<AclInterface>> mapAclWithPortSet = aclDataUtil.getRemoteAclInterfaces(acl);
+        Map<String, Set<AclInterface>> mapAclWithPortSet = aclDataUtil.getAllRemoteAclInterfaces();
         Set<BigInteger> dpns = collectDpns(mapAclWithPortSet);
         for (BigInteger dpId : dpns) {
             LOG.debug("writing rule for ip {} and rlanId {} in ingress acl remote table {}", getIpPrefixOrAddress(ip),
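Review bot: `LOG.warn((addOrRemove == 0 ? "ADD" : "REMOVE") + flowNameAdded);` looks like leftover tracing: it logs at WARN on every flow add and remove, and it concatenates the action and the flow name with no separator. I would change it to `LOG.debug("{} {}", addOrRemove == 0 ? "ADD" : "REMOVE", flowNameAdded);`. Separately, `serviceTag` puts either a VPN id or an ELAN tag into the same suffix of the flow name, here and again in `writeRemoteAclForCurrentAclForInterface`. If the two id ranges can overlap (not visible in this diff), two different rules for the same IP would share a name, so a suffix that says which kind of tag it carries would be safer. The loop body continues past the end of this hunk.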
@@ -244,32 +259,34 @@ public abstract class AbstractIngressAclServiceImpl extends AbstractAclServiceIm
     }
 
     protected short getIngressAclFilterTable() {
-        return NwConstants.INGRESS_ACL_FILTER_TABLE;
+        return NwConstants.EGRESS_ACL_FILTER_TABLE;
     }
 
     protected short getIngressAclRemoteAclTable() {
-        return NwConstants.INGRESS_ACL_REMOTE_ACL_TABLE;
+        return NwConstants.EGRESS_ACL_REMOTE_ACL_TABLE;
     }
 
     @Override
     protected void writeRemoteAclForCurrentAclForInterface(BigInteger dpId, int addOrRemove, AclInterface inter,
-            BigInteger aclId, Long elanTag) {
+            BigInteger aclId, Long elanTag, Long vpnId) {
         for (AllowedAddressPairs ip : inter.getAllowedAddressPairs()) {
             if (!AclServiceUtils.isNotIpv4AllNetwork(ip)) {
                 continue;
             }
             List<MatchInfoBase> flowMatches = new ArrayList<>();
-            flowMatches.addAll(AclServiceUtils.buildIpAndElanDstMatch(elanTag, ip, dataBroker));
+            flowMatches.addAll(AclServiceUtils.buildIpAndSrcServiceMatch(elanTag, ip, dataBroker, vpnId));
 
             List<InstructionInfo> instructions = new ArrayList<>();
 
             InstructionWriteMetadata writeMetatdata =
-                    new InstructionWriteMetadata(aclId, MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID);
+                    new InstructionWriteMetadata(AclServiceUtils.getAclIdMetadata(aclId),
+                            MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID);
             instructions.add(writeMetatdata);
             instructions.add(new InstructionGotoTable(getIngressAclFilterTable()));
 
+            Long serviceTag = vpnId != null ? vpnId : elanTag;
             String flowNameAdded =
-                    "Acl_Filter_Ingress_" + new String(ip.getIpAddress().getValue()) + "_" + elanTag;
+                    "Acl_Filter_Ingress_" + new String(ip.getIpAddress().getValue()) + "_" + serviceTag;
 
             LOG.debug("writing rule for ip {} and elanId {} in ingress acl remote table {}",
                     getIpPrefixOrAddress(ip), elanTag, getIngressAclRemoteAclTable());
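Review bot: The debug call at the end of this hunk still logs `elanTag` under the label "elanId", although the match is now built with `vpnId` and the flow name uses `serviceTag`. Passing `serviceTag` and relabelling the placeholder, e.g. `"writing rule for ip {} and serviceTag {} in ingress acl remote table {}"`, would keep the trace in line with the flow that is written. `getIngressAclFilterTable()` and `getIngressAclRemoteAclTable()` now return `NwConstants.EGRESS_ACL_FILTER_TABLE` and `NwConstants.EGRESS_ACL_REMOTE_ACL_TABLE`, which reads like a mix-up to anyone who has not seen this commit. A one-line comment on each getter saying why the ingress service uses the egress-named tables would prevent a well-meant revert. The `for` loop continues past the end of this hunk.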